smh.com.au — If you think the password protection on your MS Word file is keeping it safe from prying eyes, you're wrong. The time it takes to crack password-protected Microsoft Office files has tumbled from a 25-day average to a matter of seconds, thanks to a decades-old code-cracking technique that until recently was not viable.
Sep 19, 2006 View in Crawl 4
jeffrey903Sep 19, 2006
Because it is slightly easier to have word encrypt it then to save it as a normal doc file and encrypt it with TrueCrypt.
cuzicanSep 19, 2006
I won't dispute the confusion sometimes, but just have a little faith knowing that a lot of work is going into handling these situations..Also, I haven't been able to be on digg for the past 10hrs so I am glad that this was still on the front page since it always reminds me that security is not a product it's a process...
exploitSep 19, 2006
Forgive him O Lord. He knows not what he is saying.
ostracizeSep 19, 2006
This is misleading. They claim to hack a word file in mere seconds but in the previous sentence they say it requires a pre-computed table listing. Depending on the password, this could take a long time to "pre-compute"Sorry but this just sounds like another version of brute force hacking. It just doesn't require live authentication.
johnbcm99Sep 19, 2006
qwerty
grumpyrainSep 19, 2006
I am pleased that someone has finally bothered to comment. One thing I hate about Digg is that too many folk simply mod down without giving a argument to counter the point they object to.@Acid BathI totally agree that most people do not read the book, and unfortunately (as SuperCow points out), it is actually the developers who could have prevented it by not using a straight public hashing function on the text and by enforcing a minimum password length and complexity (or at the very least generate a warning that this password is easy to crack).@opelloYou are right to say that collisions occur. According to information theory, there is a minimum amount of space that is required to store a piece of data (a ceiling to lossless compression for a given piece of data). So by definition, if you have an infinite number of strings that you need to hash into a fixed length string. Not only is that a many to one mapping but also an infinite to one mapping. Or in english, for every hash there is an infinite number of binary strings that could have generated that exact hash.Again, where rainbow tables work is where you simply take the password and use that as a hash. They are not feasible if you need to calculate an entire table for every possible implementation. For example, where salt techniques are used ( <a class="user" href="http://en.wikipedia.org/wiki/Salt_%28cryptography%29">http://en.wikipedia.org/wiki/Salt_%28cryptography%29</a> ), or even extended to not be at a fixed location but rather at a location in the hash determined by the password itself, you would need to generate a new set of tables for each attack.